Talk:Simple file verification

Weaknesses

 * 1) What if all files were transmitted correctly, but not the corresponding SFV file, therefore raising a false-positive transmission error?
 * 2) What if files got corrupted and so did the SFV file - in such a way that the corrupted checksum happens to be the correct checksum for the corrupted files, therefore passing the files as false-negative valid files?
 * 3) What if the files were edited maliciously and so was the SFV file to look as if the files were authentic?

So to speak, in its pure form, SFV adds neither to the integrity nor to the authenticity of files, at least not as much as this article currently promises. --Abdull 20:13, 26 April 2007 (UTC)


 * No user is probably ever going to rely on just a single hashcheck. In fact, most users don't even know what a hash is, and their way of checking a file's integrity is to open it in the program it's made for. And if you have already found out you have your data intact, who cares about the .sfv? Create a new one if you need it.
 * I'm not saying it's completely impossible, but what are the odds of that actually happening, really?
 * If you are to use .sfv as a safety check, you are not going to verify the data with the hash in the .sfv that ships with the data, but with the one you got from the "source" (either from a person who was the original owner of the data - or if that's you - from what you wrote down somewhere secure).
 * The article doesn't promise SFV to be the ultimate integrity & security verification, it merely points out the main use of SFV as a basic integrity and (if used wisely (see point 3), as a bonus) simple security check. Or if at the time of your writing, the page was radically different, you should have provided a diff for that version, or something. -- 82.131.68.159 07:06, 1 June 2007 (UTC)

Questions
Are SFVs also used to combine files downloaded in segments into the 'original' file? —Preceding unsigned comment added by 66.105.208.12 (talk) 07:09, 24 November 2007 (UTC)


 * Nope. Only for checking files against corruption or modification. James.Denholm®Talk to me... 09:51, 3 May 2009 (UTC)

What happens if you have a filename beginning with a semicolon? DancesWithGrues (talk) 01:45, 17 April 2013 (UTC)
 * All the SFV tools I've tested fail to recognize this as a file. This was poorly thought out. Why not do like COBOL and use an asterisk to denote comment lines? A normal colon would also have avoided this problem. DancesWithGrues (talk) 16:55, 17 April 2013 (UTC)
 * A workaround would be to enclose the filename with "quotes". However existing programs will need to be modified to recognize this. DancesWithGrues (talk) 22:04, 17 April 2013 (UTC)
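
The semicolon ambiguity discussed in this thread, as an added example that is not part of any comment above and is not code from an existing SFV tool: a small parser that follows the usual ';' comment rule, reports comment lines that also have the shape of a file entry, and lists files that no entry covers. The function names and the sample data are constructed for illustration.

```python
import string
import zlib

HEX = set(string.hexdigits)

def split_entry(line):
    """Return (filename, crc) if the line looks like 'name CRC32HEX', else None."""
    name, sep, crc = line.rstrip().rpartition(" ")
    if sep and name and len(crc) == 8 and set(crc) <= HEX:
        return name, int(crc, 16)
    return None

def parse_sfv(text):
    """Parse SFV text, treating lines that start with ';' as comments.

    Returns (entries, ambiguous): entries maps filename -> CRC32, and
    ambiguous holds comment lines that also have the shape of a file entry.
    """
    entries, ambiguous = {}, []
    for line in text.splitlines():
        if not line.strip():
            continue
        parsed = split_entry(line)
        if line.startswith(";"):
            if parsed:
                ambiguous.append(line)  # possibly a file named ';...'
            continue
        if parsed is None:
            raise ValueError(f"malformed SFV line: {line!r}")
        entries[parsed[0]] = parsed[1]
    return entries, ambiguous

def check(files, sfv_text):
    """Check in-memory files (name -> bytes); returns (ok, bad, unlisted)."""
    entries, _ = parse_sfv(sfv_text)
    ok = sorted(n for n, c in entries.items()
                if n in files and zlib.crc32(files[n]) == c)
    bad = sorted(set(entries) - set(ok))
    unlisted = sorted(set(files) - set(entries))  # never verified at all
    return ok, bad, unlisted

# Constructed sample: two files, one whose name begins with a semicolon.
FILES = {"readme.txt": b"hello\n", ";notes.txt": b"semicolon name\n"}
SFV = "; constructed example listing\n" + "".join(
    f"{name} {zlib.crc32(data):08X}\n" for name, data in FILES.items())

if __name__ == "__main__":
    print(parse_sfv(SFV)[1])
    print(check(FILES, SFV))
```

A checker that reports the `unlisted` set makes the silently skipped file visible instead of letting the run pass with it unverified.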

Mac / Unix shell script to check
If you want to check an sfv against the contents of that directory, this shell script will work. (Not for the faint of heart with the command prompt, requires proper line endings -- hence dos2unix at the beginning.)

''|||| ... Bash script now deleted by Sburke ... ||||''

(End of comment 2007-11-15T02:50:40 by 216.101.164.52)


 * While I realize that this can be useful to people, Wikipedia is not the place to simply dump scripts on, and Wikipedia talk pages should be used for discussing improvements to the article. -- intgr [talk] 12:49, 15 November 2007 (UTC)


 * I know you (216.101.164.52, in 2007) mean well with that script, and are just trying to help -- but within a minute or two of testing this code, I found that it's buggy in several really fundamental ways, and I was able to spot and write exploits for huge security holes. I've deleted the code from this page. Anyone who has copied that code into a program that they use, should delete it. But thank you for the effort. -- Sburke (talk) 08:29, 24 March 2016 (UTC)

Lots of missing info
So is SFV simply a de facto file format or is there a standard algorithm, etc.? If so, who invented it, etc. Ham Pastrami 12:05, 2 December 2007 (UTC)


 * The standard algorithm is mentioned in the article, and it's quite common - it is used in the warez scene.--134.147.252.130 (talk) 13:12, 28 August 2008 (UTC)
 * It's also included in shareware CDs that were released with computer magazines in the 90s (which have made their way into Archive.org's software library). There are also ~5,483 .sfv files indexed on GitHub.com as of this writing, which confirms that the format is commonplace, albeit as a legacy file format. It's by no means specific to WaReZ. OmenBreeze (talk) 23:06, 21 September 2022 (UTC)


 * The checksum that is used (CRC32) is standard, the file format is not. What exactly do you think is missing? -- intgr [talk] 07:36, 29 August 2008 (UTC)


 * CRC can use any polynomial. To be used as a standard, a specific polynomial must be chosen. We are left to guess that CRCs stored in SFV are expected to use a specific polynomial (can this be confirmed?) and it is the same polynomial as IEEE (can this also be confirmed?) since it is probably the most common. Article still hasn't answered my original question of who came up with SFV or how its usage spread, so I've already stated what's missing. Ham Pastrami (talk) 09:26, 20 March 2010 (UTC)

I guess what *I'm* missing is who uses it. In my world md5sums (and/or SHA) are the norm. The warez scene sounds likely. This is by the way a pretty long-winded article for something that can be explained simply as a "listing of file names and checksums". JöG (talk) 22:25, 12 January 2010 (UTC)

This FAQ and this webpage are the most detailed explanations of the format I've seen. Particularly interesting are the comment block labels (!SFV_COMMENT_START/!SFV_COMMENT_END) and the explanation of the filesize/date info block. DancesWithGrues (talk) 23:29, 17 April 2013 (UTC)

This is the polynomial. I got this from the cksfv GitHub https://github.com/vadmium/cksfv/blob/master/src/crc32.c, which has the CRC32 lookup table corresponding to this polynomial:

$$x^{32} + x^{26} + x^{23} + x^{22} + x^{16} + x^{12} + x^{11} + x^{10} + x^8 + x^7 + x^5 + x^4 + x^2 + x + 1$$

Used in: ISO 3309, ANSI X3.66, FIPS PUB 71, FED-STD-1003, ITU-T V.42, Ethernet, SATA, MPEG-2, Gzip, PKZIP, POSIX cksum, PNG (found here https://en.wikipedia.org/wiki/Polynomial_representations_of_cyclic_redundancy_checks). I believe this is also the IEEE 802.3 polynomial (http://www.xilinx.com/support/documentation/application_notes/xapp209.pdf). Maybe not the cleanest reference chain but an answer. — Preceding unsigned comment added by 73.213.111.1 (talk) 03:38, 14 July 2016 (UTC)
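
The polynomial quoted above can be checked mechanically. The following is an added example, not part of the comment above and not code from cksfv: it builds the CRC-32 table from the listed exponents and compares the result with Python's `zlib.crc32` (the Gzip entry in the list). The reflected bit order, the 0xFFFFFFFF initial value and the final XOR are the zlib CRC-32 conventions, assumed here rather than stated on this page; the function names are illustrative.

```python
import zlib

# Exponents of the polynomial quoted above; the x^32 term is implicit
# in a 32-bit register and therefore left out.
EXPONENTS = [26, 23, 22, 16, 12, 11, 10, 8, 7, 5, 4, 2, 1, 0]

def poly_from_exponents(exps):
    """Turn a list of exponents into the usual hexadecimal polynomial constant."""
    value = 0
    for e in exps:
        value |= 1 << e
    return value

def reflect32(value):
    """Reverse the bit order of a 32-bit value (LSB-first representation)."""
    return int(f"{value:032b}"[::-1], 2)

def make_table(reflected_poly):
    """Build the 256-entry lookup table for the reflected (LSB-first) algorithm."""
    table = []
    for byte in range(256):
        crc = byte
        for _ in range(8):
            crc = (crc >> 1) ^ reflected_poly if crc & 1 else crc >> 1
        table.append(crc)
    return table

POLY = poly_from_exponents(EXPONENTS)   # normal form
TABLE = make_table(reflect32(POLY))     # table for the reflected form

def crc32(data):
    """CRC-32 with zlib's conventions (assumed): init 0xFFFFFFFF, final XOR."""
    crc = 0xFFFFFFFF
    for b in data:
        crc = (crc >> 8) ^ TABLE[(crc ^ b) & 0xFF]
    return crc ^ 0xFFFFFFFF

def sfv_line(name, data):
    """Format one 'filename CRC32' line as found in .sfv files."""
    return f"{name} {crc32(data):08X}"

if __name__ == "__main__":
    sample = b"123456789"  # constructed input, the customary CRC check string
    print(hex(POLY), hex(reflect32(POLY)))
    print(sfv_line("sample.bin", sample), crc32(sample) == zlib.crc32(sample))
```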